Incident Response Tools
|
|
- Blaise Simon
- 6 years ago
- Views:
Transcription
1 Incident Response Tools James Madison University Dept. of Computer Science June 13, Introduction Being successfully attacked is inevitable. A determined hacker WILL be able to penetrate your network. The attacker, if they want to re-enter your network, will have to leave a backdoor somewhere. This means they will likely re-add guest accounts, disable firewall ports, and re-enable services that you had previously disabled (in the Windows Security Exercise...like FTP) to provide a means for them to access your computer easily. In this chapter, we will briefly re-examine things talked about in Windows Security Exercise that are relevant after an incident and then we will cover new tools that will help you investigate an incident. All tools necessary are available on the Desktop of your IR Tools snapshot. 2 Services Knowing what services are running on your windows machine is very important, especially after being attacked. Having extra services running that are not necessary may add vulnerabilities to your machine and may allow an attacker to re-enter your network. The more services that are running on a machine means the more services you must protect and secure. By default, many software packages install many extra side services you do not want to be running, and as good network administrator you must be aware of these. 2.1 What Services are running? All Microsoft Windows Server Editions have a Graphical User Interfaces to help manage the machines services. The GUI to manage what services are running can be accessed in the Start Menu under Administrative Tools by clicking on Services. Figure 1 shows how to access the services GUI from the start menu. 1
2 Figure 1: Click on Services to manage what services are running By default, the list of things on this list is large and di cult to sort through but we will only be looking at a few choice things. By default, Windows Firewall is Disabled. This is a very important service. An attacker, wanting to regain access to your system later may have disabled Windows Firewall. To turn it back on, double click on it and change Disabled to Automatic and then Press Start. Figure 2 shows how to do this. 2
3 Figure 2: Change Setup type to Automatic to turn the firewall on. You may also notice that the File Transfer Protocol may be enabled. It is very important that this protocol, and Telnet, should be disabled and they should always stay disabled. These protocols are used so remote users can authenticate and use your computer. Remote Authentication is a standard practice, but FTP and Telnet do not do it securely. If you see SSH or Very Security File Transfer Protocol, these services are okay to use. After an attacker enters your system, they may re-enable FTP or Telnet in order to access your machine later. They may think that the system administrator may not notice, since they were likely disabled to begin with. This is why it is so important to check and re-disable these services. 3 Firewalls All Windows distributions come with a built in host based firewall that you can configure. In the real world many companies buy expensive machines that are 3
4 only serve as a firewall. Even though the Windows Firewall is not expensive and dedicated hardware, it is a great line of defense to keep attackers from accessing ports on your computer that may have a vulnerability. It will also protect your computer from attacks that originate from inside your network. It is very easy to understand how a firewall works. People connect to your computer through ports and a firewall blocks ports. An easy way to think about ports is a lot of tiny mailboxes. Anytime someone wants to communicate with your server they put mail in a particular mailbox. Each port is for a di erent purpose. A firewall will block these mailboxes so nobody can put anything in them. This decreases the surface area a hacker could attack you with. Figure 3: Change Setup type to Automatic to turn the firewall on. To use the Windows Firewall, you must first enable it. Windows Firewall can be found in the Control Panel. After clicking on Windows Firewall you should see a user interface like the one in Figure 3. Change Windows Firewall from o to on and then click the Advanced tab at the top of the interface. 4
5 Figure 4: Click Settings and check Allow incoming echo request. In the advanced tab, click Settings within the ICMP settings. When the ICMP Settings user interface pops up select Allow incoming echo requests and then Ok. This allows other computers to ping your computer. Ping is special and does not use a port, but your firewall is still able to block it. Next click on the Exceptions tab at the top of the Windows Firewall. These instructions are reflected in Figure 4 Click on the Add Port button in the Exceptions tab to add exceptions to the Firewall. By default, Windows Firewall will block all ports and you only open the ones you need. This is much easier than leaving all open and blocking the ones you don t want because there are more than sixty-five thousand ports. Your computer will be running a Webserver, and webservers generally use port 80 to communicate with computers that request webpages. Figure 5 shows you how to unblock port 80. After pressing Ok in Windows Firewall, your Firewall changes will take a ect and your firewall will be active. 5
6 Figure 5: Make sure to select TCP after hitting pressing Add Port. 4 Command Line Tools The command line is a powerful tool that can help a defender get important information quickly and easily. There is a little bit of a learning curve when using the commandline, and almost nobody know every command there is, but learning how to use a few basic commands is quick and easy. To open the commandline, click to open the Start menu and click Command Prompt, or press Windows Key + R and type cmd.exe. In these tutorials we will only scratch the surface of the things these commands can do. If you want to learn more about a particular command, you can do so by typing command help into the terminal, where command is the command you want more information on. 4.1 netstat Netstat is a powerful command line tool that lists important networking information about your computer. The main uses for netstat is to show open network connections.to read comprehensive documentation about netstat, you can read ejj.mobi/uzaz3z. Netstat will show who and what is currently connected to 6
7 your computer. This is an extremely important thing to know. If an attacker was to hack your computer, they would have to communicate with your computer over the network in order to interact with it. Using netstat you could see if a hacker is currently connected to your computer and take steps to kick him out. In the command line window type netstat -an. The -an is used to specify exactly what information you want to show. -a means netstat will show all active connections. -n means netstat will show all ports your computer is listening for active connections on. After typing netstat -an, your terminal should look similar to the command line window in Figure 6. Figure 6: Output from a netstat -an command This shows you what it looks like when thee are no active connections, but what will it look like when you do have an active connection. In order to test this and see how netstat changes, open a web browser and enter google.com into the URL bar and hit enter. Re-enter netstat -an into the terminal and view how the output changes. There are now connections connecting to a foreign address that you can see. This is because your computer establishes a connection with google in order to communicate and ask google to send you their webpage. Open a new webpage and see how netstat changes. It may sometimes be di cult to identify good versus bad connections on your computer. Generally, a connection to a port that you should not need connections is bad. An example of this would be a webserver that only needs to allow connections to port 80. Connections you see to port 80 are more than likely good, but if netstat shows a connection on port 21, 22, or 23 to a remote 7
8 address then it is highly likely that your computer has been compromised. Also, check for your computer connecting to foreign address on high number ports. 4.2 ipconfig ipconfig is a command line program that can be used to show the networking information of your computer. It will show things like your IP address, physical address, and DNS server. Figure 7: Output from ipconfig /all command This tool is not a great tool to keep hackers out of your computer, it is more a tool to use when you first sit down on your computer. It may be useful to note your IP address, DNS Server, gateway, and physical address. These values are not static and you may notice them change, but if you notice these things changing often, it may be a sign an attacker has played with your networking configuration. 5 SysInternals SysInternals is a suite of free tools that help users better understand what is happening on the computer. They are all available, along with tutorials and doc- 8
9 umentation at In this document, we will demonstrate a few of the best tools in the suite. If you wish to download all sysinternal tools, you can at but all tools are already installed to your desktop in the Sysinternals folder. What is covered in this tutorial is by no means comprehensive. The Sys- Internals suite has so many uses and even the tools we cover have many uses beyond the scope of this tutorial. If you have extra time, try loading up a tool that sounds interesting and see what you can figure out. 5.1 tcpview TCPView is a program written by microsoft that helps you see networking information for your computer. It is very similar to netstat, but in a graphical form. It can be downloaded from To run it, double click on tcpview.exe in the Sysinternals folder. The graphical user interface will show current active TCP connections. If an attacker is communicating with your computer, you may see a suspicious connection. An example of this would be something like Notepad.exe using a TCP port to communicate with with a remote host. Notepad should never be communicating over the network. Below in Figure 8, is a screenshot of Figure 8: TCPView of a default Windows 2003 Installation As you can see, Windows has a variety of services that use TCP. The majority of these do not have a Remote Address. This means that some processes on your computer are communicating, using TCP, with other processes on your computer. This is a standard practice, and for the most part, you will only need to be concerned with suspicious processes connecting to suspicious remote addresses. 9
10 If you do notice a suspicious TCP connection, you can easily right click on the processes and click on End Process. It may be obvious that this tool is very similar to netstat. If you are in a hurry, you might save time by using netstat, but TCPView is more powerful and has greater functionality beyond monitoring. You can easily see the process associated with each TCP connection, which is very helpful. 5.2 Process Monitor Process Monitor, called procmon.exe in sysinternals, is a program that can be used to show what resources each processes has. Many processes require the usage of di erent resources that are stored on your computer. Process Monitor will help you understand which resources each process is using. For the most part, Process Monitor is a advanced tool to use that takes a lot of technical knowledge to understand what is really being shown, but knowing about this tool is important. Figure 9 shows a usage for Process Monitor that does not require deep technical knowledge. Using the Process Tree, found in tools, you can easily see how each process was created, and by what processes. This is extremely useful. 10
11 Figure 9: Process Tree example. See how processes were spawned. Using Process Tree, you can look for suspicious child processes (processes created by others). For example, Firefox.exe should not be spawning Notepad.exe. Processes that have nothing to do with eachother should not be spawning eachother. If you see this, investigate the processes using TCPView, you may have been compromised. Spend some time looking at the process tree and noting how one process my spawn many others. Open minesweeper and see how the Process Tree changes. 5.3 Autoruns One thing an attacker will likely do after hacking a computer is adding in a mechanism to get back into the computer when it is turned o and on. This means the attacker has to set the computer to run a certain program on startup, otherwise once you turn a computer o all the attacker s work is gone. To do this, they will add a file to an autorun directory or to the Registry. Usually, when applications wish to run at startup, they will be added in msconfig to the autorun tab. Checking this autorun tab is a good start, but not 11
12 enough. An attacker who knows windows internals will know there are many places they can put code that they want to be ran at start-up. In-fact, there are so many places, it would take too long to do this manually. Auto-runs is an application that can be used that will show ALL programs that will run at start-up. Figure 10 shows how to view all Autorun programs. Open autoruns.exe, and select the Everything tab. Figure 10: Show all processes that are autorun. In this Everything tab, you should see a lot of things that run at startup that are required for the computer to work properly. They are part of the Windows Operating System. Like the other SysInternal tools, you should be looking for suspicious programs that auto-run. Suspicious programs would include Services that are being started that you know you should not be required. If an FTP Server is started when you do not need FTP (you should never need FTP), or if a strange looking.exe is started, you need to investigate this and possibly remove it. Check to see if it is listening for incoming connections with netstat, and check TCPView to see if the process has a remote connection to it. 12
13 Nothing is currently hidden in an autorun directory. There is nothing for you to remove with this tool, but there are many things that run at startup. Take a look around at them. All the functionality that your computer has is accomplished with programs that run at startup. It may be a good idea to familiarize yourself with what a normal set-up looks like, and then look for things that are out of place when the time comes. 5.4 Rootkit Revealer Sometimes hacker will use sophisticated software to hide their presence on the machine. For example, the software may change the netstat command output to filter out the hacker s connection to your computer. Anyone who uses the netstat command will see regular output from the command, but the hacker s connection will be mysteriously missing. Programs that do this are called Rootkits. They are extremely dangerous and can be di cult to find. In Sysinternals, RootkitRevealer.exe can be used to help locate these. Figure 11: Show all processes that are autorun. Figure 11 shows how to start a scan and tell your computer to begin looking for rootkits. Rootkit Revealer works by asking for the same information from a lot of di erent places and trying to find discrepencies. For example, it may ask for open TCP connections. To do this, Rootkit revealer may use netstat, but also ask the underlying operating system. If there is a discrepency in the information that is returned, rootkit revealer will alert you and look for the root cause. Rootkit revealer, if it finds a well-known rootkit, will also easily allow you to remove it. Rootkits are extremely powerful tools and have gotten 13
14 extremely advanced and easy to use in the last few years. Rootkit revealer may help, but as a defender you really do not want to be in a position where you have to remove a rootkit. If rootkit reavealer doesn t help, you may have a di cult road ahead of you. Remember that, although this is a powerful tool and will do a good job detecting rootkits, it is not full-proof. There is always a chance of of a false positive or false positive when scanning. 6 Event Viewer The Event viewer is used to view logs as they are generated on your computer. Your computer, by default, logs many things, like successful logins to your computer. What the computer logs can be changed to log more information or to log less information. This is a tradeo. The more things you log, the more system resources you must dedicate to logging (processing power, writing to disk, and space). Log too little and you are unable to determine what happened if someone hacks your computer. This is an important trade-o. You can access the Event Viewer in the Computer Management window in Administrative Tools. To change exactly what is logged, you must access the Local Security Policies, in Administrative Tools. 6.1 Change What Is Logged By default, Windows does not log enough enough. We would at least like to see failed login attempts instead of only successful. To make windows log these, 14
15 Figure 12: How to add failed login attempts. Remember to press apply You can view these attempts and see much more information in the event viewer like in Figure 13. Double clicking events in the Event Viewer will provide you with more information. Using the Event Viewer, you may be able to notice if you have been compromised. For example, if you notice many unsuccessful login attempts at one certain time, followed by a successful attempt, it would be a good idea that you should look further into the incident and reset that users password. Figure 13: How to add failed login attempts. Remember to press apply 15
16 7 Valhalla Honeypots Honeypots are traps that defenders set on their network in order to attract hackers and allow defenders to easily identify who is malicious on their network. The concept is straightforward. A defender creates a Virtual Machine or a real machine and puts it on their network. The defender makes it look like this machine is very old and vulnerable to attacks (low hanging fruit). Hackers are lazy, so low hanging fruit is very desirable. Since a regular user on the network will never have a need to access the honeypot, any computer that contacts the honeypot is likely compromised. There are di erent levels of interaction that a honeypot can have. A low interaction honeypot will fool vulnerability scanners but a hacker will never be able to hack or log-in. High interaction Honeypots will fool vulnerability scanners but will also give the attack the illusion that they can log-in or hack the computer. There is a lot of software out there that allows you to easily set up a honeypot on a Windows machine. We will be using software called Valhalla to create honeypots. Valhalla is capable of creating low-interaction and high-interaction honeypots. To use Valhalla, open the Valhalla directory on the desktop and double click the.exe file. Next, click the Server Config button on the left side. 16
17 Figure 14: Valhalla Server Config GUI After opening the Server Config GUI, press the Options button for Web Server, FTP Server, and TELNET Server. Select the Enable buttons you see in Figure 15 and the No Login required button. Figure 15: Valhalla Server Config GUI 17
18 After clicking the Enable buttons, you can X out of the windows. Press Start, clickrun, and type cmd.exe and hit Enter. This will cause a Command Prompt to open. Next, type echo Text Webpage > C:\wwwroot \index.htm. This will create a new file, called index.htm, that contains Text Webpage. The point of this is that you configured Valhalla to have a Webserver honeypot. This page will be sent to anyone who tries to access your computer on Port 80, because webservers always run on Port 80. To test this, open up a webbrowser, and in the URL bar type 8 Conclusion Responding to an incident can be di cult. Piecing together what happened can be extremely challenging and it is possible that you may never have a complete picture of what happened. This tutorial was showed basic re-hardening and incident response tools, but there is still much to learn in the future. There was nothing to remove in this exercise because it is a very good idea to see what a non-compromised computer looks like, before you try to decide whether a di erent computer is compromised. More advanced incident response techniques will all di er depending on what you wish to do following the incident. If you wish to build a case and press charges against the inviduals responsible, your course of action will be very different than if you only want your computer to be safe from outsiders. 18
Clean & Speed Up Windows with AWO
Clean & Speed Up Windows with AWO C 400 / 1 Manage Windows with this Powerful Collection of System Tools Every version of Windows comes with at least a few programs for managing different aspects of your
More informationTo learn more about Stickley on Security visit You can contact Jim Stickley at
Thanks for attending this session on March 15th. To learn more about Stickley on Security visit www.stickleyonsecurity.com You can contact Jim Stickley at jim@stickleyonsecurity.com Have a great day! Fraud
More informationActivity 1: Using Windows XP Professional Security Checklist
Activity 1: Using Windows XP Professional Security Checklist Verify that all Disk partitions are Formatted with NTFS NTFS partitions offer access controls and protections that aren't available with the
More informationThe Crossed Swords wargame: Catching NATO red teams with cyber deception
The Crossed Swords wargame: Catching NATO red teams with cyber deception 2015-2018 Cymmetria Inc. All rights reserved. 2 BACKSTORY Once a year, the pentesters* and red teams of the countries of NATO descend
More informationAttackers Process. Compromise the Root of the Domain Network: Active Directory
Attackers Process Compromise the Root of the Domain Network: Active Directory BACKDOORS STEAL CREDENTIALS MOVE LATERALLY MAINTAIN PRESENCE PREVENTION SOLUTIONS INITIAL RECON INITIAL COMPROMISE ESTABLISH
More informationLANDesk Management Gateway. Users Guide to Using the Management Gateway 4.2 and prior versions
LANDesk Management Gateway Users Guide to Using the Management Gateway 4.2 and prior versions Contents Introduction... 3 Scope... 3 Technology Overview... 3 Remote Control Viewer... 3 Installation... 3
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 First, the news The Great Cannon of China https://citizenlab.org/2015/04/chinas-great-cannon/ KAMI VANIEA 2 Today Open System Interconnect (OSI) model
More informationThanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at
Thanks! Thanks for attending this session on April 6 th, 2016 If you have any question, please contact Jim at jim@stickleyonsecurity.com Don t forget to checkout Stickley on Security and learn about our
More informationAmazon Elastic Cloud (EC2): An Easy Route to Your Own Dedicated Webserver
Amazon Elastic Cloud (EC2): An Easy Route to Your Own Dedicated Webserver The Amazon Elastic Cloud is a service which allows anyone to create their own dedicated web-servers which Aamazon manage & run.
More informationOODA Security. Taking back the advantage!
OODA Security Taking back the advantage! About Me Kevin Fiscus Owner Cyber Defense Advisors 24 Years in IT 13 Years in security SANS Certified Instructor GIAC Security Expert Cyber Guardian Red/Blue Team
More informationNET 311 D INFORMATION SECURITY
1 NET 311 D INFORMATION SECURITY Networks and Communication Department TUTORIAL 6 :Securing Your Windows 8 System 4 Steps to secure your windows 8 system 2 1. Configure Windows 8 Settings. 2. Installing
More informationKeep Track of Your Passwords Easily
Keep Track of Your Passwords Easily K 100 / 1 The Useful Free Program that Means You ll Never Forget a Password Again These days, everything you do seems to involve a username, a password or a reference
More informationANTIVIRUS SITE PROTECTION (by SiteGuarding.com)
ANTIVIRUS SITE PROTECTION (by SiteGuarding.com) USER GUIDE Version 1.0.0 Antivirus Site Protection (by SiteGuarding.com) 1.0.0 1 Table of content 1. INTRODUCTION. 3 2. HOW IT WORKS.... 6 3. HOW TO CONFIGURE..
More informationWeek Date Teaching Attended 5 Feb 2013 Lab 7: Snort IDS Rule Development
Weekly Tasks Week 5 Rich Macfarlane 2013 Week Date Teaching Attended 5 Feb 2013 Lab 7: Snort IDS Rule Development Aim: The aim of these labs are to further investigate the Snort, network IDS, and methods
More informationHow to Secure SSH with Google Two-Factor Authentication
How to Secure SSH with Google Two-Factor Authentication WELL, SINCE IT IS QUITE COMPLEX TO SET UP, WE VE DECIDED TO DEDICATE A WHOLE BLOG TO THAT PARTICULAR STEP! A few weeks ago we took a look at how
More informationAdditional laboratory
Additional laboratory This is addicional laboratory session where you will get familiar with the working environment. Firstly, you will learn about the different servers present in the lab and how desktops
More informationIntroduction to the Internet. Part 1. What is the Internet?
Introduction to the Internet Part 1 What is the Internet? A means of connecting a computer to any other computer anywhere in the world via dedicated routers and servers. When two computers are connected
More informationFTP Frequently Asked Questions
Guide to FTP Introduction This manual will guide you through understanding the basics of FTP and file management. Within this manual are step-by-step instructions detailing how to connect to your server,
More informationYour . A setup guide. Last updated March 7, Kingsford Avenue, Glasgow G44 3EU
fuzzylime WE KNOW DESIGN WEB DESIGN AND CONTENT MANAGEMENT 19 Kingsford Avenue, Glasgow G44 3EU 0141 416 1040 hello@fuzzylime.co.uk www.fuzzylime.co.uk Your email A setup guide Last updated March 7, 2017
More informationANTIVIRUS SITE PROTECTION (by SiteGuarding.com)
ANTIVIRUS SITE PROTECTION (by SiteGuarding.com) USER GUIDE Version 0.1.0 1 Table of content 1. INTRODUCTION. 3 2. HOW IT WORKS.... 6 3. HOW TO CONFIGURE.. 7 2 1. INTRODUCTION Antivirus Site Protection
More informationSpeed Up Windows by Disabling Startup Programs
Speed Up Windows by Disabling Startup Programs Increase Your PC s Speed by Preventing Unnecessary Programs from Running Windows All S 630 / 1 When you look at the tray area beside the clock, do you see
More informationData Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi.
Data Structures and Algorithms Dr. Naveen Garg Department of Computer Science and Engineering Indian Institute of Technology, Delhi Lecture 18 Tries Today we are going to be talking about another data
More informationDER GOBBLE. Good Secure Crypto Wallet Practices. What is your wallet?
DER GOBBLE Good Secure Crypto Wallet Practices When it comes to crypto currencies and securing your money, the absolute best 99% guaranteed security for your wallets is YOU. You are the one that will expose
More informationNetwork Defenses 21 JANUARY KAMI VANIEA 1
Network Defenses KAMI VANIEA 21 JANUARY KAMI VANIEA 1 Similar statements are found in most content hosting website privacy policies. What is it about how the internet works that makes this statement necessary
More informationAdvanced Threat Hunting:
Advanced Threat Hunting: Identify and Track Adversaries Infiltrating Your Organization In Partnership with: Presented by: Randeep Gill Tony Shadrake Enterprise Security Engineer, Europe Regional Director,
More informationWindows Help document Part A
Compiled by: Todd Johnstone Before starting these steps, open a Word document, save it in documents in a folder called computing problems and use that document to capture items that show as bad as you
More informationOpsCenter Basics Why Aren t You Using It?
OpsCenter Basics Why Aren t You Using It? This is a SELF-GUIDED LAB if you prefer. You are welcome to get started and leave when you are finished, or you can play with the OC instance to gain more knowledge.
More informationFIT 100: Fluency with Information Technology
FIT 100: Fluency with Information Technology Lab 1: UW NetID, Email, Activating Student Web Pages Table of Contents: Obtain a UW Net ID (your email / web page identity):... 1 1. Setting Up An Account...
More informationINSTALLING AN SSH / X-WINDOW ENVIRONMENT ON A WINDOWS PC. Nicholas Fitzkee Mississippi State University Updated May 19, 2017
INSTALLING AN SSH / X-WINDOW ENVIRONMENT ON A WINDOWS PC Installing Secure Shell (SSH) Client Nicholas Fitzkee Mississippi State University Updated May 19, 2017 The first thing you will need is SSH. SSH
More informationFor Volunteers An Elvanto Guide
For Volunteers An Elvanto Guide www.elvanto.com Volunteers are what keep churches running! This guide is for volunteers who use Elvanto. If you re in charge of volunteers, why not check out our Volunteer
More informationSpam Protection Guide
Spam Email Protection Guide Version 1.0 Last Modified 5/29/2014 by Mike Copening Contents Overview of Spam at RTS... 1 Types of Spam... 1 Spam Tricks... 2 Imitation of 3 rd Party Email Template... 2 Spoofed
More informationHow to Build a Culture of Security
How to Build a Culture of Security March 2016 Table of Contents You are the target... 3 Social Engineering & Phishing and Spear-Phishing... 4 Browsing the Internet & Social Networking... 5 Bringing Your
More informationWhere Did My Files Go? How to find your files using Windows 10
Where Did My Files Go? How to find your files using Windows 10 Have you just upgraded to Windows 10? Are you finding it difficult to find your files? Are you asking yourself Where did My Computer or My
More informationSetting up a ColdFusion Workstation
Setting up a ColdFusion Workstation Draft Version Mark Mathis 2000 all rights reserved mark@teratech.com 2 Setting up a ColdFusion workstation Table of Contents Browsers:...5 Internet Explorer:...5 Web
More informationXP: Backup Your Important Files for Safety
XP: Backup Your Important Files for Safety X 380 / 1 Protect Your Personal Files Against Accidental Loss with XP s Backup Wizard Your computer contains a great many important files, but when it comes to
More informationshortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge
shortcut Your Short Cut to Knowledge The following is an excerpt from a Short Cut published by one of the Pearson Education imprints. Short Cuts are short, concise, PDF documents designed specifically
More informationFirewall Identification: Banner Grabbing
Honey POt Firewall Identification: Banner Grabbing Banners are messages sent out by network services during the connection to the service. Banners announce which service is running on the system. Banner
More informationFirewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003
Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003 A system or combination of systems that enforces a boundary between two or more networks - NCSA
More informationThe quick brown fox jumped over the lazy dogs back. THE QUICK BROWN FOX JUMPED OVER THE LAZY DOGS BACK (typed in all caps)
Hands-on Activity 1 Hashing: A hash value is a numeric value of a fixed length that uniquely identifies data. Hash values represent large amounts of data as much smaller numeric values, so they are used
More informationNetwork Defenses KAMI VANIEA 1
Network Defenses KAMI VANIEA 26 SEPTEMBER 2017 KAMI VANIEA 1 First the news http://arstech nica.com/secu rity/2015/04/ meet-greatcannon-theman-in-themiddleweapon-chinaused-ongithub/ 2 First the news http://arstechni
More informationn Learn about the Security+ exam n Learn basic terminology and the basic approaches n Implement security configuration parameters on network
Always Remember Chapter #1: Network Device Configuration There is no 100 percent secure system, and there is nothing that is foolproof! 2 Outline Learn about the Security+ exam Learn basic terminology
More informationHellerstein/Olston. Homework 6: Database Application. beartunes. 11:59:59 PM on Wednesday, December 6 th
Homework 6: Database Application beartunes Due @ 11:59:59 PM on Wednesday, December 6 th Overview For this assignment, you ll be implementing portions of a database-backed web application using Ruby on
More informationCUSTOMER CONTROL PANEL... 2 DASHBOARD... 3 HOSTING &
Table of Contents CUSTOMER CONTROL PANEL... 2 LOGGING IN... 2 RESET YOUR PASSWORD... 2 DASHBOARD... 3 HOSTING & EMAIL... 4 WEB FORWARDING... 4 WEBSITE... 5 Usage... 5 Subdomains... 5 SSH Access... 6 File
More informationCollege of Pharmacy Windows 10
College of Pharmacy Windows 10 Windows 10 is the version of Microsoft s flagship operating system that follows Windows 8; the OS was released in July 2015. Windows 10 is designed to address common criticisms
More informationWebShell UDURRANI.COM
WebShell UDURRANI.COM Webshell is simply a backdoor used by attackers to enable remote administration and control. It s normally an obfuscated script i.e. php, cgi, aspx. Attacker could access webshell
More informationSubversion was not there a minute ago. Then I went through a couple of menus and eventually it showed up. Why is it there sometimes and sometimes not?
Subversion was not there a minute ago. Then I went through a couple of menus and eventually it showed up. Why is it there sometimes and sometimes not? Trying to commit a first file. There is nothing on
More informationn Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic
Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output
More informationKermit 95 SSH Installation Instructions
Kermit 95 SSH Installation Instructions Kermit 95 is a licensed product, not free software, and its use with WordStock is licensed as well. If you re installing Kermit 95 on a computer which is replacing
More informationUKNova s Getting Connectable Guide
UKNova s Getting Connectable Guide Version 1.2 2010/03/22 1. WHAT IS "BEING CONNECTABLE" AND WHY DO I NEED IT? Being connectable means being able to give back to others it is the fundamental principle
More informationNetcat Scanning to Backdoors
Netcat Scanning to Backdoors Security & Privacy on the Internet (03-60-467) Fall 2009 Submitted to Dr. A.K. Aggarwal Submitted By Jeffrey Kurcz School of Computer Science University of Windsor CONTENTS
More informationIntrusion Detection - Snort
Intrusion Detection - Snort 1 Sometimes, Defenses Fail Our defenses aren t perfect Patches aren t applied promptly enough AV signatures not always up to date 0-days get through Someone brings in an infected
More informationComputer Network Vulnerabilities
Computer Network Vulnerabilities Objectives Explain how routers are used to protect networks Describe firewall technology Describe intrusion detection systems Describe honeypots Routers Routers are like
More informationWindows. Not just for houses
Windows Not just for houses Everyone Uses Windows! (sorry James!) Users Accounts to separate people on a computer Multiple user accounts on a computer Ex) shared family computer Access level can be set
More informationDoS Attacks Malicious Code Attacks Device Hardening Social Engineering The Network Security Wheel
CCNA4 Chapter 4 * DoS Attacks DoS attacks are the most publicized form of attack and also among the most difficult to eliminate. DoS attacks prevent authorized people from using a service by consuming
More informationFigure 1-1. When we finish Part 2, our server will be ready to have workstations join the domain and start sharing files. Now here we go!
1 of 18 9/6/2008 4:05 AM Configuring Windows Server 2003 for a Small Business Network, Part 2 Written by Cortex Wednesday, 16 August 2006 Welcome to Part 2 of the "Configuring Windows Server 2003 for a
More informationGetting started with System Center Essentials 2007
At a glance: Installing and upgrading Configuring Essentials 2007 Troubleshooting steps Getting started with System Center Essentials 2007 David Mills System Center Essentials 2007 is a new IT management
More informationArchitectural Engineering Senior Thesis CPEP Webpage Guidelines and Instructions
Architectural Engineering Senior Thesis CPEP Webpage Guidelines and Instructions Your Thesis Drive (T:\) Each student is allocated space on the Thesis drive. Any files on this drive are accessible from
More informationContents. SSL-Based Services: HTTPS and FTPS 2. Generating A Certificate 2. Creating A Self-Signed Certificate 3. Obtaining A Signed Certificate 4
Contents SSL-Based Services: HTTPS and FTPS 2 Generating A Certificate 2 Creating A Self-Signed Certificate 3 Obtaining A Signed Certificate 4 Enabling Secure Services 5 SSL/TLS Security Level 5 A Note
More informationQuick Start. How to start monitoring use of your computer right away.
Quick Start Using the Scheduler Capture Types Other Recommended Settings Viewing Captured Information Viewing, Replaying and Deleting captures Silently Emailing Capture Logs Hiding the prog. from praying
More informationCS356 Lab NIL (Lam) In this lab you will learn: Cisco 2600 Router Configuration Static Routing PartB 20 min Access Control Lists PartC 30 min Explore!
CS356 Lab NIL (Lam) In this lab you will learn: PartA Time: 2 hrs 40 min Cisco 2600 Router Configuration Static Routing PartB 20 min Access Control Lists PartC 30 min Explore! Components used: 2 computers
More informationThe Benefits of SMS as a Marketing and Communications Channel From The Chat Bubble written by Michael
The Benefits of SMS as a Marketing and Communications Channel 1 Why companies and organizations should do SMS. We re going to talk through from an organization or marketers point of view, what SMS is good
More informationComputer Security and Privacy
CSE P 590 / CSE M 590 (Spring 2010) Computer Security and Privacy Tadayoshi Kohno Thanks to Dan Boneh, Dieter Gollmann, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for
More information4Sight for Mac User Guide. Version 2.4
4Sight for Mac User Guide Version 2.4 Contents Welcome to 4Sight for Mac Desktop Client... 3 How to Install 4Sight... 3 Where is it?... 4 The Dock menu... 4 The menu bar... 4 Phone window... 5 Preview
More informationConfiguring GNS3 for CCNA Security Exam (for Windows) Software Requirements to Run GNS3
Configuring GNS3 for CCNA Security Exam (for Windows) Software Requirements to Run GNS3 From Cisco s website, here are the minimum requirements for CCP 2.7 and CCP 2.8: The following info comes from many
More informationJackson State University Department of Computer Science CSC / Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan
Jackson State University Department of Computer Science CSC 437-01/539-01 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan Lab Project # 2: Running Secure Shell (SSH) Server in a Virtual
More informationIntrusion Detection - Snort
Intrusion Detection - Snort Network Security Workshop 3-5 October 2017 Port Moresby, Papua New Guinea 1 Sometimes, Defenses Fail Our defenses aren t perfect Patches aren t applied promptly enough AV signatures
More informationCS 326e Lab 2, Edmondson-Yurkanan, Spring 2004 Router Configuration, Routing and Access Lists
CS 326e Lab 2, Edmondson-Yurkanan, Spring 2004 Router Configuration, Routing and Access Lists Name: In this lab you will learn: PartA Cisco 2600 Router Configuration Static Routing PartB 20 min Dynamic
More informationHow to Stay Safe on Public Wi-Fi Networks
How to Stay Safe on Public Wi-Fi Networks Starbucks is now offering free Wi-Fi to all customers at every location. Whether you re clicking connect on Starbucks Wi-Fi or some other unsecured, public Wi-Fi
More informationGetting Started with XMF Remote
Getting Started with XMF Remote Remote R9.5 Contents Introduction......................................................... 5 How to Login........................................................ 6 The
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
More informationAvira Ultimate Protection Suite. Short guide
Avira Ultimate Protection Suite Short guide 01 Trademarks and Copyright Trademarks Windows is a registered trademark of the Microsoft Corporation in the United States and other countries. All other brand
More informationInstallation guide for Choic Multi User Edition
Installation guide for ChoiceMail Multi User Edition March, 2004 Version 2.1 Copyright DigiPortal Software Inc., 2002 2004 All rights reserved ChoiceMail Multi User Installation Guide 1. Go to the URL
More informationWHITE PAPER. Best Practices for Web Application Firewall Management
WHITE PAPER Best Practices for Web Application Firewall Management WHITE PAPER Best Practices for Web Application Firewall Management.. INTRODUCTION 1 DEPLOYMENT BEST PRACTICES 2 Document your security
More informationTroubleshooting AB Tutor Control Connection problems
Troubleshooting AB Tutor Control Connection problems Contents Troubleshooting AB Tutor Control Connection problems... 1 Overview... 2 Common Problems... 2 Failed to find a computer during a Scan ( Find
More informationINSTALLATION AND USER S GUIDE OfficeCalendar for Microsoft Outlook
INSTALLATION AND USER S GUIDE OfficeCalendar for Microsoft Outlook Sharing Microsoft Outlook Calendar and Contacts without Exchange Server 1 Table of Contents What is OfficeCalendar? Sharing Microsoft
More informationProtegent Total Security Solution USER GUIDE Unistal Systems Pvt. Ltd. All rights Reserved Page 1
Protegent Total Security Solution USER GUIDE 2007-2017 Unistal Systems Pvt. Ltd. All rights Reserved Page 1 Table of Contents PROTEGENT TOTAL SECURITY...3 INSTALLATION...4 REGISTERING PROTEGENT TOTAL SECURITY...
More informationThe Eight Rules of Security
The Eight Rules of Security The components of every security decision. Understanding and applying these rules builds a foundation for creating strong and formal practices through which we can make intelligent
More informationXton Access Manager GETTING STARTED GUIDE
Xton Access Manager GETTING STARTED GUIDE XTON TECHNOLOGIES, LLC PHILADELPHIA Copyright 2017. Xton Technologies LLC. Contents Introduction... 2 Technical Support... 2 What is Xton Access Manager?... 3
More informationAgent and Agent Browser. Updated Friday, January 26, Autotask Corporation
Agent and Agent Browser Updated Friday, January 26, 2018 2018 Autotask Corporation Table of Contents Table of Contents 2 The AEM Agent and Agent Browser 3 AEM Agent 5 Privacy Mode 9 Agent Browser 11 Agent
More informationPrinciples of ICT Systems and Data Security
Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing
More informationINTERNET SAFETY IS IMPORTANT
INTERNET SAFETY IS IMPORTANT Internet safety is not just the ability to avoid dangerous websites, scams, or hacking. It s the idea that knowledge of how the internet works is just as important as being
More informationPage 1
www.downloadplrproducts.com Page 1 Introduction... 3 Your Website... 4 Getting Traffic... 5 Local SEO... 6 Directories... 7 Social Marketing... 8 Offline Marketing... 9 Building a List... 10 Conclusion...
More informationMicrosoft Expression Web is usually obtained as a program within Microsoft Expression Studio. This tutorial deals specifically with Versions 3 and 4,
Microsoft Expression Web is usually obtained as a program within Microsoft Expression Studio. This tutorial deals specifically with Versions 3 and 4, which are very similar in most respects and the important
More informationINSTRUCTION MANUAL BreakingSecurity.net. Revision Remcos v2.3.0
INSTRUCTION MANUAL Revision 14 -- Remcos v2.3.0 2019 BreakingSecurity.net 1 TABLE OF CONTENTS CHAPTER 1: INTRODUCTION TO REMCOS... 3 USAGE CASES... 3 COMPATIBILITY & DEVELOPMENT... 3 STRUCTURE... 4 CHAPTER
More informationUsing the SSM Administration Console
CHAPTER 6 Your user role controls whether you can access the SSM Administration Console. The following information is included in this section: SSM Administration Console Overview, page 6-1 Launching the
More informationOPEN THE HOTLINE CLIENT
OPEN THE HOTLINE CLIENT Everything in the Hotline universe starts with the Client Toolbar; it launches all of the Client s major functions. 1 Double-click the Hotline icon on your desktop. The Hotline
More informationGetting started with OWASP WebGoat 4.0 and SOAPUI.
Getting started with OWASP WebGoat 4.0 and SOAPUI. Hacking web services, an introduction. Version 1.0 by Philippe Bogaerts mailto:philippe.bogaerts@radarhack.com http://www.radarhack.com 1. Introduction
More informationOverview Intrusion Detection Systems and Practices
Overview Intrusion Detection Systems and Practices Chapter 13 Lecturer: Pei-yih Ting Intrusion Detection Concepts Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy
More informationctio Computer Hygiene /R S E R ich
Computer Hygiene Protect Yourself You don't want to be part of the problem If there is a serious attack, you want your systems to be clean You rely on your systems on the air these days Packet NBEMS Logging
More informationOverview. Handling Security Incidents. Attack Terms and Concepts. Types of Attacks
Overview Handling Security Incidents Chapter 7 Lecturer: Pei-yih Ting Attacks Security Incidents Handling Security Incidents Incident management Methods and Tools Maintaining Incident Preparedness Standard
More informationCyber Smarts Using Social Media Wisely
Cyber Smarts Using Social Media Wisely Posted on March 24, 2016 by Shridevi Stock Photo You have access to the world s largest museum, art gallery, library and social group ever created. You also have
More informationRouterCheck Installation and Usage
RouterCheck Installation and Usage February 16, 2015 No part of this document may be reproduced, copied, or distributed in any fashion without the express written permission of Sericon Technology Inc.
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationXchange for Samsung MAC User Guide. Version 2.4
Xchange for Samsung MAC User Guide Version 2.4 Contents Welcome to Xchange for Samsung Mac Desktop Client... 32 How to Install Xchange... 3 Where is it?... 43 The Dock menu... 4 The menu bar... 4 Preview
More informationTrend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme file
More informationSchoolBooking LDAP Integration Guide
SchoolBooking LDAP Integration Guide Before you start This guide has been written to help you configure SchoolBooking to connect to your LDAP server. Please treat this document as a reference guide, your
More informationClient-server practices
Client-server practices DSC340 Mike Pangburn Agenda Overview of client-server development Editing on client (e.g., Notepad) or directly on server (e.g., nano) Practice Create text file from scratch on
More informationADOBE DREAMWEAVER CS4 BASICS
ADOBE DREAMWEAVER CS4 BASICS Dreamweaver CS4 2 This tutorial focuses on the basic steps involved in creating an attractive, functional website. In using this tutorial you will learn to design a site layout,
More informationFACEBOOK SAFETY FOR JOURNALISTS. Thanks to these partners for reviewing these safety guidelines:
FACEBOOK SAFETY FOR JOURNALISTS Thanks to these partners for reviewing these safety guidelines: 10 STEPS TO KEEP YOURSELF SAFE Journalists are using Facebook in innovative ways to do their jobs, tell stories,
More informationP1_L3 Operating Systems Security Page 1
P1_L3 Operating Systems Security Page 1 that is done by the operating system. systems. The operating system plays a really critical role in protecting resources in a computer system. Resources such as
More information